Subject: Re: [PATCH RFC v1 5/6] efi: efivarfs: prohibit reading random seed variables
From: James Bottomley
To: Ard Biesheuvel, "Jason A. Donenfeld"
Cc: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, Lennart Poettering
Date: Wed, 16 Nov 2022 14:42:11 -0500
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, 2022-11-16 at 18:04 +0100, Ard Biesheuvel wrote:
> On Wed, 16 Nov 2022 at 17:17, Jason A. Donenfeld wrote:
> >
> > Variables in the random seed GUID must remain secret, so deny all reads
> > to them.
> >
> > Signed-off-by: Jason A. Donenfeld
> > --- > >  fs/efivarfs/file.c | 3 +++ > >  1 file changed, 3 insertions(+) > > > > diff --git a/fs/efivarfs/file.c b/fs/efivarfs/file.c > > index d57ee15874f9..08996ba3a373 100644 > > --- a/fs/efivarfs/file.c > > +++ b/fs/efivarfs/file.c 
> > @@ -76,6 +76,9 @@ static ssize_t efivarfs_file_read(struct file > > *file, char __user *userbuf, > >         while (!__ratelimit(&file->f_cred->user->ratelimit)) > >                 msleep(50); > > > > +       if (guid_equal(&var->var.VendorGuid, > > &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) > > +               return -EPERM; > > + > >         err = efivar_entry_size(var, &datasize); > > > >         /*
>
> I'd prefer it if we could just disregard them entirely, i.e., never
> enumerate them so that they don't appear in the file system.

It would be nice if they could be boot services only ... then they
disappear naturally, but that would mean the rng would have to
initialize and save in the EFI stub before ExitBootServices, which
doesn't seem practical.

James
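
Review bot: In the efivarfs_file_read() hunk, the new guid_equal() check sits after the "while (!__ratelimit(...)) msleep(50);" loop, so a read that is always going to be refused still consumes the caller's rate-limit budget and can sleep before it returns -EPERM. Consider moving the check above the loop so the refusal is immediate, and add a one-line comment at the check saying why this vendor GUID is unreadable, since the reason (the seed must remain secret) is stated only in the commit message. The hunk covers the read path only: the entry is still listed in the file system, which is the concern Ard Biesheuvel raises in his reply.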